Posted to commits@cloudstack.apache.org by da...@apache.org on 2020/03/09 11:32:47 UTC
[cloudstack] branch master updated: CLOUDSTACK-10271 maven plugin
for owasp dependency check added (#2446)
This is an automated email from the ASF dual-hosted git repository.
dahn pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/master by this push:
new 2d63ed5 CLOUDSTACK-10271 maven plugin for owasp dependency check added (#2446)
2d63ed5 is described below
commit 2d63ed5c243bd0732077c0e5485021b2be274aa7
Author: dahn <da...@shapeblue.com>
AuthorDate: Mon Mar 9 12:32:35 2020 +0100
CLOUDSTACK-10271 maven plugin for owasp dependency check added (#2446)
Co-authored-by: Daan Hoogland <da...@onecht.net>
---
pom.xml | 33 ++++++++++++++++++++++++++++++++-
1 file changed, 32 insertions(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 3006dd7..e1d9de6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -67,11 +67,13 @@
<cs.jar-plugin.version>3.2.0</cs.jar-plugin.version>
<cs.pmd-plugin.version>3.12.0</cs.pmd-plugin.version>
<cs.project-info-plugin.version>3.0.0</cs.project-info-plugin.version>
+ <cs.owasp.dependency-checker-plugin.version>3.1.1</cs.owasp.dependency-checker-plugin.version>
<cs.release-plugin.version>2.5.3</cs.release-plugin.version>
<cs.resources-plugin.version>3.1.0</cs.resources-plugin.version>
<cs.site-plugin.version>3.8.2</cs.site-plugin.version>
<cs.surefire-plugin.version>2.22.2</cs.surefire-plugin.version>
+
<!-- Logging versions -->
<cs.log4j.version>1.2.17</cs.log4j.version>
<cs.log4j.extras.version>1.2.17</cs.log4j.extras.version>
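Review bot: The new `cs.owasp.dependency-checker-plugin.version` property pins 3.1.1, which looks to be well behind the plugin's release line at the date of this commit. A scanner that old may lack newer analyzers and may be unable to consume the current vulnerability data feed, in which case `check` produces stale or empty results that read like a clean bill of health. Before relying on it, confirm that a run actually downloads and updates the vulnerability data, and if it does not, change this one value to a current release. Because the version lives in a single property, later bumps stay a one-line change.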
@@ -154,6 +156,7 @@
<cs.neethi.version>2.0.4</cs.neethi.version>
<cs.nitro.version>10.1</cs.nitro.version>
<cs.opensaml.version>2.6.4</cs.opensaml.version>
+ <cs.owasp.esapi.version>2.1.0.1</cs.owasp.esapi.version>
<cs.rados-java.version>0.5.0</cs.rados-java.version>
<cs.reflections.version>0.9.12</cs.reflections.version>
<cs.servicemix.version>3.3.3_1</cs.servicemix.version>
@@ -584,7 +587,7 @@
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
- <version>2.1.0.1</version>
+ <version>${cs.owasp.esapi.version}</version>
</dependency>
<!-- Test dependency in mysql for db tests -->
<dependency>
@@ -731,6 +734,22 @@
</execution>
</executions>
</plugin>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <version>${cs.owasp.dependency-checker-plugin.version}</version>
+ <configuration>
+ <skipProvidedScope>true</skipProvidedScope>
+ <skipRuntimeScope>true</skipRuntimeScope>
+ </configuration>
+ <executions>
+ <execution>
+ <goals>
+ <goal>check</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
</plugins>
<pluginManagement>
<plugins>
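Review bot: `<skipRuntimeScope>true</skipRuntimeScope>` in the added `<configuration>` excludes runtime-scoped dependencies from the scan, but those jars are on the classpath of the deployed product, so a known-vulnerable runtime dependency would go unreported. I would drop that line, and add a comment such as `<!-- provided-scope jars are supplied by the container and scanned separately -->` above `skipProvidedScope` if that is the intent. In addition, no `failBuildOnCVSS` is configured, so with the plugin default the `check` goal only writes a report and never fails the build; adding `<failBuildOnCVSS>7</failBuildOnCVSS>` (threshold to be chosen by the project) would turn it into a gate. The enclosing `<plugins>` element opens outside this hunk, so whether this execution runs in every module cannot be confirmed from here.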
@@ -1137,6 +1156,18 @@
<reporting>
<plugins>
<plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <version>${cs.owasp.dependency-checker-plugin.version}</version>
+ <reportSets>
+ <reportSet>
+ <reports>
+ <report>aggregate</report>
+ </reports>
+ </reportSet>
+ </reportSets>
+ </plugin>
+ <plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId>
<version>${cs.findbugs-plugin.version}</version>